From 4095a1b6ee3ed943a228bca40304fe8dd6afb0ad Mon Sep 17 00:00:00 2001
From: Ricky <hk_ricky@163.com>
Date: 星期二, 27 七月 2021 10:08:04 +0800
Subject: [PATCH] !275 fix Issue #I42GRW 任意账户越权漏洞 Merge pull request !275 from lagXkjy/master
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java | 22 +++++++++++++---------
1 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java
index 183f918..94a5d43 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java
@@ -15,7 +15,7 @@
/**
* 文件上传工具类
- *
+ *
* @author ruoyi
*/
public class FileUploadUtils
@@ -89,7 +89,7 @@
*
* @param baseDir 相对应用的基目录
* @param file 上传的文件
- * @param extension 上传文件类型
+ * @param allowedExtension 上传文件类型
* @return 返回上传成功的文件名
* @throws FileSizeLimitExceededException 如果超出最大大小
* @throws FileNameLengthLimitExceededException 文件名太长
@@ -131,13 +131,12 @@
{
File desc = new File(uploadDir + File.separator + fileName);
- if (!desc.getParentFile().exists())
- {
- desc.getParentFile().mkdirs();
- }
if (!desc.exists())
{
- desc.createNewFile();
+ if (!desc.getParentFile().exists())
+ {
+ desc.getParentFile().mkdirs();
+ }
}
return desc;
}
@@ -186,6 +185,11 @@
throw new InvalidExtensionException.InvalidMediaExtensionException(allowedExtension, extension,
fileName);
}
+ else if (allowedExtension == MimeTypeUtils.VIDEO_EXTENSION)
+ {
+ throw new InvalidExtensionException.InvalidVideoExtensionException(allowedExtension, extension,
+ fileName);
+ }
else
{
throw new InvalidExtensionException(allowedExtension, extension, fileName);
@@ -215,7 +219,7 @@
/**
* 获取文件名的后缀
- *
+ *
* @param file 表单文件
* @return 后缀名
*/
@@ -228,4 +232,4 @@
}
return extension;
}
-}
\ No newline at end of file
+}
--
Gitblit v1.9.2